      1 #
      2 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
      3 # Use is subject to license terms.
      4 #
      5 # CDDL HEADER START
      6 #
      7 # The contents of this file are subject to the terms of the
      8 # Common Development and Distribution License (the "License").
      9 # You may not use this file except in compliance with the License.
     10 #
     11 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     12 # or http://www.opensolaris.org/os/licensing.
     13 # See the License for the specific language governing permissions
     14 # and limitations under the License.
     15 #
     16 # When distributing Covered Code, include this CDDL HEADER in each
     17 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     18 # If applicable, add the following below this CDDL HEADER, with the
     19 # fields enclosed by brackets "[]" replaced with your own identifying
     20 # information: Portions Copyright [yyyy] [name of copyright owner]
     21 #
     22 # CDDL HEADER END
     23 #
     24 # Device policy configuration file.  When a device is opened, the access
     25 # controls in this file are enforced in addition to its file permissions.
     26 #
     27 # The format of this file is subject to change without notice.
     28 #
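     29 # Default open privileges; this must be the first entry in the file.  "none" is the empty privilege set: opening the device requires no privilege beyond the file permission check.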
     30 #
     31 
     32 *		read_priv_set=none		write_priv_set=none
     33 
     34 #
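     35 # Kernel memory devices.  For kmem and mem, read_priv_set=none leaves reads governed only by the device node's ownership and mode, so those must stay restrictive; writes require all privileges.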
     36 #
     37 mm:allkmem	read_priv_set=all		write_priv_set=all
     38 mm:kmem		read_priv_set=none		write_priv_set=all
     39 mm:mem		read_priv_set=none		write_priv_set=all
     40 
     41 rtvc:rtvc*					write_priv_set=none
     42 rtvc:rtvcctl*					write_priv_set=sys_config
     43 #
     44 # Socket interface access permissions.
     45 #
     46 icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
     47 icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
     48 ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
     49 ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
     50 keysock		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
     51 ipsecah		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
     52 ipsecesp	read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
     53 spdsock		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
     54 bridge		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
     55 
     56 #
     57 # IP observability device access permission
     58 #
     59 ipnet		read_priv_set=net_observability write_priv_set=net_observability
     60 
     61 #
     62 # Disk devices.
     63 #
     64 md:admin					write_priv_set=sys_config
     65 fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
     66 scsi_vhci:devctl				write_priv_set=sys_devices
     67 #
     68 # Other devices that require a privilege to open.
     69 #
     70 envctrltwo	read_priv_set=sys_config	write_priv_set=sys_config
     71 random						write_priv_set=sys_devices
     72 openeepr					write_priv_set=all
     73 #
     74 # IP Filter
     75 #
     76 ipf             read_priv_set=sys_ip_config     write_priv_set=sys_ip_config
     77 
     78